On Mon, 23 May 2005 23:37:36 BST, Luke Kenneth Casson Leighton said: > i have a bit more confidence to try it :) The hardest part will be figuring out how depinit fits into the init_t/initrc_t model - the RedHat/Fedora way has 'init' running in init_t, and any /etc/rc*.d/ scripts get launched in initrc_t, and then initrc_t is able to transition to whatever fooserver_t the daemon runs in. If depinit runs scripts to start stuff, just labeling everything so depinit runs as init_t and the scripts as initrc_t will probably be a lot closer to done than you might imagine.... And the *nice* thing is that once you're fairly confident that you've got it at least somewhat close, you can boot in 'permissive' mode, catch all the 'avc' messages, and use 'audit2allow' to help sort out the wreckage.
Attachment:
pgpM2t4hgUaIp.pgp
Description: PGP signature